package com.common.dingding.filter;

import com.common.dingding.utils.JwtUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@Component("jwt")
public class JwtFilter extends AccessControlFilter {

    @Autowired
    private JwtUtils jwtUtils;

//    @Override
//    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
//        System.out.println("JwtFilter.isAccessAllowed 被调用");
//        return false; // 总是需要验证
//    }
//
//    @Override
//    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception{
//        System.out.println("JwtFilter.onAccessDenied 被调用");
//        HttpServletResponse httpResponse = (HttpServletResponse) response;
//        String token = httpRequest.getHeader("Authorization");
//
//        if (token == null || !token.startsWith("Bearer ")) {
//            httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
//            return false;
//        }
//
//        token = token.substring(7); // 移除 "Bearer " 前缀
//
//        if (!jwtUtils.validateToken(token)) {
//            httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
//            return false;
//        }
//
//        String username = jwtUtils.getUsernameFromToken(token);
//        // 这里可以根据username查询用户信息并设置到Subject中
//        // 例如：Subject subject = SecurityUtils.getSubject();
//        // subject.login(new UsernamePasswordToken(username, null));
//        UsernamePasswordToken upToken = new UsernamePasswordToken(username, "", true);
//        SecurityUtils.getSubject().login(upToken);
//        return true;
//    }
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    System.out.println("JwtFilter.isAccessAllowed 被调用");
    // 从请求头获取token
    String token = ((HttpServletRequest) request).getHeader("Authorization");

    if (token == null || !token.startsWith("Bearer ")) {
        return false;
    }

    token = token.substring(7); // 去掉 "Bearer "

    try {
        // 验证token
        if (jwtUtils.validateToken(token)) {
            return true; // 验证通过
        }
    } catch (Exception e) {
        // 验证失败
    }

    return false; // 验证失败
}

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        System.out.println("JwtFilter.onAccessDenied 被调用");
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        httpResponse.getWriter().write("Unauthorized: Invalid or missing token");
        return false;
    }
}